Debian Security Advisory

DLA-336-1 phpmyadmin -- LTS security update

Date Reported:
28 Oct 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902.
More information:

Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.

  • CVE-2014-8958

    Multiple cross-site scripting (XSS) vulnerabilities.

  • CVE-2014-9218

    Denial of service (resource consumption) via a long password.

  • CVE-2015-2206

    Risk of BREACH attack due to reflected parameter.

  • CVE-2015-3902

    XSRF/CSRF vulnerability in phpMyAdmin setup.